cycode 1.7.2.dev7__tar.gz → 1.7.2.dev9__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/PKG-INFO +2 -2
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/README.md +1 -1
- cycode-1.7.2.dev9/cycode/__init__.py +1 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/code_scanner.py +66 -22
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/models.py +13 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/scan_client.py +32 -11
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/scan_config_base.py +12 -4
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/pyproject.toml +1 -1
- cycode-1.7.2.dev7/cycode/__init__.py +0 -1
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/auth/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/auth/auth_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/auth/auth_manager.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/configure/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/configure/configure_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/ignore/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/ignore/ignore_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/main_cli.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/report/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/report/report_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/report/sbom/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/report/sbom/common.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/report/sbom/path/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/report/sbom/path/path_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/report/sbom/repository_url/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/report/sbom/repository_url/repository_url_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/report/sbom/sbom_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/report/sbom/sbom_report_file.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/commit_history/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/commit_history/commit_history_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/path/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/path/path_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/pre_commit/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/pre_commit/pre_commit_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/pre_receive/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/pre_receive/pre_receive_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/repository/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/repository/repository_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/scan_ci/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/scan_ci/ci_integrations.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/scan_ci/scan_ci_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/scan_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/version/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/version/version_command.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/config.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/config.yaml +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/consts.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/exceptions/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/exceptions/custom_exceptions.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/exceptions/handle_report_sbom_errors.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/exceptions/handle_scan_errors.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/excluder.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/iac/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/iac/tf_content_generator.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/models/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/models/in_memory_zip.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/path_documents.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/repository_documents.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/sca/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/sca/maven/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/sca/maven/base_restore_maven_dependencies.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/sca/maven/restore_gradle_dependencies.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/sca/maven/restore_maven_dependencies.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/sca/sca_code_scanner.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/zip_documents.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/main.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/models.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/printers/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/printers/console_printer.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/printers/json_printer.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/printers/printer_base.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/printers/tables/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/printers/tables/sca_table_printer.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/printers/tables/table.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/printers/tables/table_models.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/printers/tables/table_printer.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/printers/tables/table_printer_base.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/printers/text_printer.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/user_settings/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/user_settings/base_file_manager.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/user_settings/config_file_manager.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/user_settings/configuration_manager.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/user_settings/credentials_manager.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/user_settings/jwt_creator.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/utils/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/utils/enum_utils.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/utils/get_api_client.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/utils/path_utils.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/utils/progress_bar.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/utils/scan_batch.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/utils/scan_utils.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/utils/shell_executor.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/utils/string_utils.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/utils/task_timer.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/utils/yaml_utils.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/__init__.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/auth_client.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/client_creator.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/config.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/config.yaml +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/config_dev.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/cycode_client.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/cycode_client_base.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/cycode_dev_based_client.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/cycode_token_based_client.py +0 -0
- {cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cyclient/report_client.py +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: cycode
|
|
3
|
-
Version: 1.7.2.
|
|
3
|
+
Version: 1.7.2.dev9
|
|
4
4
|
Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
|
|
5
5
|
Home-page: https://github.com/cycodehq/cycode-cli
|
|
6
6
|
License: MIT
|
|
@@ -362,7 +362,7 @@ When using this option, the scan results from this scan will appear in the knowl
|
|
|
362
362
|
### Report Option
|
|
363
363
|
|
|
364
364
|
> [!NOTE]
|
|
365
|
-
> This option is only available to SCA scans.
|
|
365
|
+
> This option is only available to SCA and Secret scans.
|
|
366
366
|
|
|
367
367
|
To push scan results tied to the [SCA policies](https://docs.cycode.com/docs/sca-policies) found in the Repository scan to Cycode, add the argument `--report` to the scan command.
|
|
368
368
|
|
|
@@ -324,7 +324,7 @@ When using this option, the scan results from this scan will appear in the knowl
|
|
|
324
324
|
### Report Option
|
|
325
325
|
|
|
326
326
|
> [!NOTE]
|
|
327
|
-
> This option is only available to SCA scans.
|
|
327
|
+
> This option is only available to SCA and Secret scans.
|
|
328
328
|
|
|
329
329
|
To push scan results tied to the [SCA policies](https://docs.cycode.com/docs/sca-policies) found in the Repository scan to Cycode, add the argument `--report` to the scan command.
|
|
330
330
|
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
__version__ = '1.7.2.dev9' # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import json
|
|
2
1
|
import logging
|
|
3
2
|
import os
|
|
4
3
|
import sys
|
|
@@ -99,6 +98,10 @@ def set_issue_detected_by_scan_results(context: click.Context, scan_results: Lis
|
|
|
99
98
|
set_issue_detected(context, any(scan_result.issue_detected for scan_result in scan_results))
|
|
100
99
|
|
|
101
100
|
|
|
101
|
+
def _should_use_scan_service(scan_type: str, scan_parameters: Optional[dict] = None) -> bool:
|
|
102
|
+
return scan_type == consts.SECRET_SCAN_TYPE and scan_parameters is not None and scan_parameters['report'] is True
|
|
103
|
+
|
|
104
|
+
|
|
102
105
|
def _enrich_scan_result_with_data_from_detection_rules(
|
|
103
106
|
cycode_client: 'ScanClient', scan_type: str, scan_result: ZippedFileScanResult
|
|
104
107
|
) -> None:
|
|
@@ -148,14 +151,21 @@ def _get_scan_documents_thread_func(
|
|
|
148
151
|
|
|
149
152
|
scan_id = str(_generate_unique_id())
|
|
150
153
|
scan_completed = False
|
|
154
|
+
should_use_scan_service = _should_use_scan_service(scan_type, scan_parameters)
|
|
151
155
|
|
|
152
156
|
try:
|
|
153
157
|
logger.debug('Preparing local files, %s', {'batch_size': len(batch)})
|
|
154
158
|
zipped_documents = zip_documents(scan_type, batch)
|
|
155
159
|
zip_file_size = zipped_documents.size
|
|
156
|
-
|
|
157
160
|
scan_result = perform_scan(
|
|
158
|
-
cycode_client,
|
|
161
|
+
cycode_client,
|
|
162
|
+
zipped_documents,
|
|
163
|
+
scan_type,
|
|
164
|
+
scan_id,
|
|
165
|
+
is_git_diff,
|
|
166
|
+
is_commit_range,
|
|
167
|
+
scan_parameters,
|
|
168
|
+
should_use_scan_service,
|
|
159
169
|
)
|
|
160
170
|
|
|
161
171
|
_enrich_scan_result_with_data_from_detection_rules(cycode_client, scan_type, scan_result)
|
|
@@ -194,6 +204,7 @@ def _get_scan_documents_thread_func(
|
|
|
194
204
|
zip_file_size,
|
|
195
205
|
command_scan_type,
|
|
196
206
|
error_message,
|
|
207
|
+
should_use_scan_service,
|
|
197
208
|
)
|
|
198
209
|
|
|
199
210
|
return scan_id, error, local_scan_result
|
|
@@ -315,14 +326,13 @@ def scan_commit_range_documents(
|
|
|
315
326
|
local_scan_result = error_message = None
|
|
316
327
|
scan_completed = False
|
|
317
328
|
scan_id = str(_generate_unique_id())
|
|
318
|
-
|
|
319
329
|
from_commit_zipped_documents = InMemoryZip()
|
|
320
330
|
to_commit_zipped_documents = InMemoryZip()
|
|
321
331
|
|
|
322
332
|
try:
|
|
323
333
|
progress_bar.set_section_length(ScanProgressBarSection.SCAN, 1)
|
|
324
334
|
|
|
325
|
-
scan_result = init_default_scan_result(scan_id)
|
|
335
|
+
scan_result = init_default_scan_result(cycode_client, scan_id, scan_type)
|
|
326
336
|
if should_scan_documents(from_documents_to_scan, to_documents_to_scan):
|
|
327
337
|
logger.debug('Preparing from-commit zip')
|
|
328
338
|
from_commit_zipped_documents = zip_documents(scan_type, from_documents_to_scan)
|
|
@@ -428,8 +438,9 @@ def perform_scan(
|
|
|
428
438
|
is_git_diff: bool,
|
|
429
439
|
is_commit_range: bool,
|
|
430
440
|
scan_parameters: dict,
|
|
441
|
+
should_use_scan_service: bool = False,
|
|
431
442
|
) -> ZippedFileScanResult:
|
|
432
|
-
if scan_type in (consts.SCA_SCAN_TYPE, consts.SAST_SCAN_TYPE):
|
|
443
|
+
if scan_type in (consts.SCA_SCAN_TYPE, consts.SAST_SCAN_TYPE) or should_use_scan_service:
|
|
433
444
|
return perform_scan_async(cycode_client, zipped_documents, scan_type, scan_parameters)
|
|
434
445
|
|
|
435
446
|
if is_commit_range:
|
|
@@ -439,12 +450,20 @@ def perform_scan(
|
|
|
439
450
|
|
|
440
451
|
|
|
441
452
|
def perform_scan_async(
|
|
442
|
-
cycode_client: 'ScanClient',
|
|
453
|
+
cycode_client: 'ScanClient',
|
|
454
|
+
zipped_documents: 'InMemoryZip',
|
|
455
|
+
scan_type: str,
|
|
456
|
+
scan_parameters: dict,
|
|
443
457
|
) -> ZippedFileScanResult:
|
|
444
458
|
scan_async_result = cycode_client.zipped_file_scan_async(zipped_documents, scan_type, scan_parameters)
|
|
445
459
|
logger.debug('scan request has been triggered successfully, scan id: %s', scan_async_result.scan_id)
|
|
446
460
|
|
|
447
|
-
return poll_scan_results(
|
|
461
|
+
return poll_scan_results(
|
|
462
|
+
cycode_client,
|
|
463
|
+
scan_async_result.scan_id,
|
|
464
|
+
scan_type,
|
|
465
|
+
scan_parameters.get('report'),
|
|
466
|
+
)
|
|
448
467
|
|
|
449
468
|
|
|
450
469
|
def perform_commit_range_scan_async(
|
|
@@ -460,13 +479,16 @@ def perform_commit_range_scan_async(
|
|
|
460
479
|
)
|
|
461
480
|
|
|
462
481
|
logger.debug('scan request has been triggered successfully, scan id: %s', scan_async_result.scan_id)
|
|
463
|
-
return poll_scan_results(
|
|
482
|
+
return poll_scan_results(
|
|
483
|
+
cycode_client, scan_async_result.scan_id, scan_type, scan_parameters.get('report'), timeout
|
|
484
|
+
)
|
|
464
485
|
|
|
465
486
|
|
|
466
487
|
def poll_scan_results(
|
|
467
488
|
cycode_client: 'ScanClient',
|
|
468
489
|
scan_id: str,
|
|
469
490
|
scan_type: str,
|
|
491
|
+
should_get_report: bool = False,
|
|
470
492
|
polling_timeout: Optional[int] = None,
|
|
471
493
|
) -> ZippedFileScanResult:
|
|
472
494
|
if polling_timeout is None:
|
|
@@ -483,7 +505,7 @@ def poll_scan_results(
|
|
|
483
505
|
print_debug_scan_details(scan_details)
|
|
484
506
|
|
|
485
507
|
if scan_details.scan_status == consts.SCAN_STATUS_COMPLETED:
|
|
486
|
-
return _get_scan_result(cycode_client, scan_type, scan_id, scan_details)
|
|
508
|
+
return _get_scan_result(cycode_client, scan_type, scan_id, scan_details, should_get_report)
|
|
487
509
|
|
|
488
510
|
if scan_details.scan_status == consts.SCAN_STATUS_ERROR:
|
|
489
511
|
raise custom_exceptions.ScanAsyncError(
|
|
@@ -735,6 +757,7 @@ def _report_scan_status(
|
|
|
735
757
|
zip_size: int,
|
|
736
758
|
command_scan_type: str,
|
|
737
759
|
error_message: Optional[str],
|
|
760
|
+
should_use_scan_service: bool = False,
|
|
738
761
|
) -> None:
|
|
739
762
|
try:
|
|
740
763
|
end_scan_time = time.time()
|
|
@@ -751,7 +774,7 @@ def _report_scan_status(
|
|
|
751
774
|
'scan_type': scan_type,
|
|
752
775
|
}
|
|
753
776
|
|
|
754
|
-
cycode_client.report_scan_status(scan_type, scan_id, scan_status)
|
|
777
|
+
cycode_client.report_scan_status(scan_type, scan_id, scan_status, should_use_scan_service)
|
|
755
778
|
except Exception as e:
|
|
756
779
|
logger.debug('Failed to report scan status, %s', {'exception_message': str(e)})
|
|
757
780
|
|
|
@@ -769,37 +792,49 @@ def _does_severity_match_severity_threshold(severity: str, severity_threshold: s
|
|
|
769
792
|
|
|
770
793
|
|
|
771
794
|
def _get_scan_result(
|
|
772
|
-
cycode_client: 'ScanClient',
|
|
795
|
+
cycode_client: 'ScanClient',
|
|
796
|
+
scan_type: str,
|
|
797
|
+
scan_id: str,
|
|
798
|
+
scan_details: 'ScanDetailsResponse',
|
|
799
|
+
should_get_report: bool = False,
|
|
773
800
|
) -> ZippedFileScanResult:
|
|
774
801
|
if not scan_details.detections_count:
|
|
775
|
-
return init_default_scan_result(scan_id,
|
|
802
|
+
return init_default_scan_result(cycode_client, scan_id, scan_type, should_get_report)
|
|
776
803
|
|
|
777
804
|
wait_for_detections_creation(cycode_client, scan_type, scan_id, scan_details.detections_count)
|
|
778
805
|
|
|
779
806
|
scan_detections = cycode_client.get_scan_detections(scan_type, scan_id)
|
|
807
|
+
|
|
780
808
|
return ZippedFileScanResult(
|
|
781
809
|
did_detect=True,
|
|
782
810
|
detections_per_file=_map_detections_per_file(scan_detections),
|
|
783
811
|
scan_id=scan_id,
|
|
784
|
-
report_url=
|
|
812
|
+
report_url=_try_get_report_url_if_needed(cycode_client, should_get_report, scan_id, scan_type),
|
|
785
813
|
)
|
|
786
814
|
|
|
787
815
|
|
|
788
|
-
def init_default_scan_result(
|
|
816
|
+
def init_default_scan_result(
|
|
817
|
+
cycode_client: 'ScanClient', scan_id: str, scan_type: str, should_get_report: bool = False
|
|
818
|
+
) -> ZippedFileScanResult:
|
|
789
819
|
return ZippedFileScanResult(
|
|
790
|
-
did_detect=False,
|
|
820
|
+
did_detect=False,
|
|
821
|
+
detections_per_file=[],
|
|
822
|
+
scan_id=scan_id,
|
|
823
|
+
report_url=_try_get_report_url_if_needed(cycode_client, should_get_report, scan_id, scan_type),
|
|
791
824
|
)
|
|
792
825
|
|
|
793
826
|
|
|
794
|
-
def
|
|
795
|
-
|
|
827
|
+
def _try_get_report_url_if_needed(
|
|
828
|
+
cycode_client: 'ScanClient', should_get_report: bool, scan_id: str, scan_type: str
|
|
829
|
+
) -> Optional[str]:
|
|
830
|
+
if not should_get_report:
|
|
796
831
|
return None
|
|
797
832
|
|
|
798
833
|
try:
|
|
799
|
-
|
|
800
|
-
return
|
|
801
|
-
except
|
|
802
|
-
|
|
834
|
+
report_url_response = cycode_client.get_scan_report_url(scan_id, scan_type)
|
|
835
|
+
return report_url_response.report_url
|
|
836
|
+
except Exception as e:
|
|
837
|
+
logger.debug('Failed to get report url: %s', str(e))
|
|
803
838
|
|
|
804
839
|
|
|
805
840
|
def wait_for_detections_creation(
|
|
@@ -856,9 +891,18 @@ def _get_file_name_from_detection(detection: dict) -> str:
|
|
|
856
891
|
if detection['category'] == 'SAST':
|
|
857
892
|
return detection['detection_details']['file_path']
|
|
858
893
|
|
|
894
|
+
if detection['category'] == 'SecretDetection':
|
|
895
|
+
return _get_secret_file_name_from_detection(detection)
|
|
896
|
+
|
|
859
897
|
return detection['detection_details']['file_name']
|
|
860
898
|
|
|
861
899
|
|
|
900
|
+
def _get_secret_file_name_from_detection(detection: dict) -> str:
|
|
901
|
+
file_path: str = detection['detection_details']['file_path']
|
|
902
|
+
file_name: str = detection['detection_details']['file_name']
|
|
903
|
+
return os.path.join(file_path, file_name)
|
|
904
|
+
|
|
905
|
+
|
|
862
906
|
def _does_reach_to_max_commits_to_scan_limit(commit_ids: List[str], max_commits_count: Optional[int]) -> bool:
|
|
863
907
|
if max_commits_count is None:
|
|
864
908
|
return False
|
|
@@ -171,6 +171,19 @@ class ScanDetailsResponse(Schema):
|
|
|
171
171
|
self.err = err
|
|
172
172
|
|
|
173
173
|
|
|
174
|
+
@dataclass
|
|
175
|
+
class ScanReportUrlResponse:
|
|
176
|
+
report_url: str
|
|
177
|
+
|
|
178
|
+
|
|
179
|
+
class ScanReportUrlResponseSchema(Schema):
|
|
180
|
+
report_url = fields.String()
|
|
181
|
+
|
|
182
|
+
@post_load
|
|
183
|
+
def build_dto(self, data: Dict[str, Any], **_) -> 'ScanReportUrlResponse':
|
|
184
|
+
return ScanReportUrlResponse(**data)
|
|
185
|
+
|
|
186
|
+
|
|
174
187
|
class ScanDetailsResponseSchema(Schema):
|
|
175
188
|
class Meta:
|
|
176
189
|
unknown = EXCLUDE
|
|
@@ -30,7 +30,9 @@ class ScanClient:
|
|
|
30
30
|
|
|
31
31
|
self._hide_response_log = hide_response_log
|
|
32
32
|
|
|
33
|
-
def get_scan_controller_path(self, scan_type: str) -> str:
|
|
33
|
+
def get_scan_controller_path(self, scan_type: str, should_use_scan_service: bool = False) -> str:
|
|
34
|
+
if should_use_scan_service:
|
|
35
|
+
return self._SCAN_CONTROLLER_PATH
|
|
34
36
|
if scan_type == consts.SCA_SCAN_TYPE:
|
|
35
37
|
return self._SCAN_CONTROLLER_PATH_SCA
|
|
36
38
|
|
|
@@ -42,9 +44,9 @@ class ScanClient:
|
|
|
42
44
|
|
|
43
45
|
return self._DETECTIONS_SERVICE_CONTROLLER_PATH
|
|
44
46
|
|
|
45
|
-
def get_scan_service_url_path(self, scan_type: str) -> str:
|
|
46
|
-
service_path = self.scan_config.get_service_name(scan_type)
|
|
47
|
-
controller_path = self.get_scan_controller_path(scan_type)
|
|
47
|
+
def get_scan_service_url_path(self, scan_type: str, should_use_scan_service: bool = False) -> str:
|
|
48
|
+
service_path = self.scan_config.get_service_name(scan_type, should_use_scan_service)
|
|
49
|
+
controller_path = self.get_scan_controller_path(scan_type, should_use_scan_service)
|
|
48
50
|
return f'{service_path}/{controller_path}'
|
|
49
51
|
|
|
50
52
|
def content_scan(self, scan_type: str, file_name: str, content: str, is_git_diff: bool = True) -> models.ScanResult:
|
|
@@ -72,13 +74,22 @@ class ScanClient:
|
|
|
72
74
|
|
|
73
75
|
return self.parse_zipped_file_scan_response(response)
|
|
74
76
|
|
|
77
|
+
def get_scan_report_url(self, scan_id: str, scan_type: str) -> models.ScanReportUrlResponse:
|
|
78
|
+
response = self.scan_cycode_client.get(url_path=self.get_scan_report_url_path(scan_id, scan_type))
|
|
79
|
+
return models.ScanReportUrlResponseSchema().build_dto(response.json())
|
|
80
|
+
|
|
75
81
|
def get_zipped_file_scan_async_url_path(self, scan_type: str) -> str:
|
|
76
82
|
async_scan_type = self.scan_config.get_async_scan_type(scan_type)
|
|
77
83
|
async_entity_type = self.scan_config.get_async_entity_type(scan_type)
|
|
78
|
-
|
|
84
|
+
scan_service_url_path = self.get_scan_service_url_path(scan_type, True)
|
|
85
|
+
return f'{scan_service_url_path}/{async_scan_type}/{async_entity_type}'
|
|
79
86
|
|
|
80
87
|
def zipped_file_scan_async(
|
|
81
|
-
self,
|
|
88
|
+
self,
|
|
89
|
+
zip_file: InMemoryZip,
|
|
90
|
+
scan_type: str,
|
|
91
|
+
scan_parameters: dict,
|
|
92
|
+
is_git_diff: bool = False,
|
|
82
93
|
) -> models.ScanInitializationResponse:
|
|
83
94
|
files = {'file': ('multiple_files_scan.zip', zip_file.read())}
|
|
84
95
|
response = self.scan_cycode_client.post(
|
|
@@ -109,7 +120,10 @@ class ScanClient:
|
|
|
109
120
|
return models.ScanInitializationResponseSchema().load(response.json())
|
|
110
121
|
|
|
111
122
|
def get_scan_details_path(self, scan_type: str, scan_id: str) -> str:
|
|
112
|
-
return f'{self.get_scan_service_url_path(scan_type)}/{scan_id}'
|
|
123
|
+
return f'{self.get_scan_service_url_path(scan_type, should_use_scan_service=True)}/{scan_id}'
|
|
124
|
+
|
|
125
|
+
def get_scan_report_url_path(self, scan_id: str, scan_type: str) -> str:
|
|
126
|
+
return f'{self.get_scan_service_url_path(scan_type, should_use_scan_service=True)}/reportUrl/{scan_id}'
|
|
113
127
|
|
|
114
128
|
def get_scan_details(self, scan_type: str, scan_id: str) -> models.ScanDetailsResponse:
|
|
115
129
|
path = self.get_scan_details_path(scan_type, scan_id)
|
|
@@ -222,11 +236,18 @@ class ScanClient:
|
|
|
222
236
|
)
|
|
223
237
|
return self.parse_zipped_file_scan_response(response)
|
|
224
238
|
|
|
225
|
-
def get_report_scan_status_path(self, scan_type: str, scan_id: str) -> str:
|
|
226
|
-
return f'{self.get_scan_service_url_path(scan_type)}/{scan_id}/status'
|
|
239
|
+
def get_report_scan_status_path(self, scan_type: str, scan_id: str, should_use_scan_service: bool = False) -> str:
|
|
240
|
+
return f'{self.get_scan_service_url_path(scan_type, should_use_scan_service)}/{scan_id}/status'
|
|
227
241
|
|
|
228
|
-
def report_scan_status(
|
|
229
|
-
self
|
|
242
|
+
def report_scan_status(
|
|
243
|
+
self, scan_type: str, scan_id: str, scan_status: dict, should_use_scan_service: bool = False
|
|
244
|
+
) -> None:
|
|
245
|
+
self.scan_cycode_client.post(
|
|
246
|
+
url_path=self.get_report_scan_status_path(
|
|
247
|
+
scan_type, scan_id, should_use_scan_service=should_use_scan_service
|
|
248
|
+
),
|
|
249
|
+
body=scan_status,
|
|
250
|
+
)
|
|
230
251
|
|
|
231
252
|
@staticmethod
|
|
232
253
|
def parse_scan_response(response: Response) -> models.ScanResult:
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
from abc import ABC, abstractmethod
|
|
2
2
|
|
|
3
|
+
from cycode.cli import consts
|
|
4
|
+
|
|
3
5
|
|
|
4
6
|
class ScanConfigBase(ABC):
|
|
5
7
|
@abstractmethod
|
|
6
|
-
def get_service_name(self, scan_type: str) -> str:
|
|
8
|
+
def get_service_name(self, scan_type: str, should_use_scan_service: bool = False) -> str:
|
|
7
9
|
...
|
|
8
10
|
|
|
9
11
|
@staticmethod
|
|
@@ -16,7 +18,9 @@ class ScanConfigBase(ABC):
|
|
|
16
18
|
return scan_type.upper()
|
|
17
19
|
|
|
18
20
|
@staticmethod
|
|
19
|
-
def get_async_entity_type(
|
|
21
|
+
def get_async_entity_type(scan_type: str) -> str:
|
|
22
|
+
if scan_type == consts.SECRET_SCAN_TYPE:
|
|
23
|
+
return 'ZippedFile'
|
|
20
24
|
# we are migrating to "zippedfile" entity type. will be used later
|
|
21
25
|
return 'repository'
|
|
22
26
|
|
|
@@ -26,7 +30,9 @@ class ScanConfigBase(ABC):
|
|
|
26
30
|
|
|
27
31
|
|
|
28
32
|
class DevScanConfig(ScanConfigBase):
|
|
29
|
-
def get_service_name(self, scan_type: str) -> str:
|
|
33
|
+
def get_service_name(self, scan_type: str, should_use_scan_service: bool = False) -> str:
|
|
34
|
+
if should_use_scan_service:
|
|
35
|
+
return '5004'
|
|
30
36
|
if scan_type == 'secret':
|
|
31
37
|
return '5025'
|
|
32
38
|
if scan_type == 'iac':
|
|
@@ -40,7 +46,9 @@ class DevScanConfig(ScanConfigBase):
|
|
|
40
46
|
|
|
41
47
|
|
|
42
48
|
class DefaultScanConfig(ScanConfigBase):
|
|
43
|
-
def get_service_name(self, scan_type: str) -> str:
|
|
49
|
+
def get_service_name(self, scan_type: str, should_use_scan_service: bool = False) -> str:
|
|
50
|
+
if should_use_scan_service:
|
|
51
|
+
return 'scans'
|
|
44
52
|
if scan_type == 'secret':
|
|
45
53
|
return 'secret'
|
|
46
54
|
if scan_type == 'iac':
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
[tool.poetry]
|
|
2
2
|
name = "cycode"
|
|
3
|
-
version = "1.7.2.
|
|
3
|
+
version = "1.7.2.dev9" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
|
|
4
4
|
description = "Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning."
|
|
5
5
|
keywords=["secret-scan", "cycode", "devops", "token", "secret", "security", "cycode", "code"]
|
|
6
6
|
authors = ["Cycode <support@cycode.com>"]
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
__version__ = '1.7.2.dev7' # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/report/sbom/path/path_command.py
RENAMED
|
File without changes
|
{cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/report/sbom/repository_url/__init__.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/pre_commit/pre_commit_command.py
RENAMED
|
File without changes
|
|
File without changes
|
{cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/pre_receive/pre_receive_command.py
RENAMED
|
File without changes
|
|
File without changes
|
{cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/commands/scan/repository/repository_command.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{cycode-1.7.2.dev7 → cycode-1.7.2.dev9}/cycode/cli/files_collector/iac/tf_content_generator.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|